Hacker News new | past | comments | ask | show | jobs | submit login
How to find and delete data Google keeps about you (cnet.com)
72 points by rahuldottech 4 days ago | hide | past | web | favorite | 42 comments

Funny that this is from CNET, notorious for bundling all of their download.com software with adware and spyware.

To big tech, tech news and media, privacy is just propaganda

Did you hear the joke about the guy that successfully opted out of Google tracking?

He got run over by a Waymo.

Seriously though, anyone who understands Google’s ad business (and ancillary businesses, like Waymo and Nest) knows they will never voluntarily provide a complete opt-out to data tracking.

On the bright side, I used to bike commute near their self driving cars. They certainly have GB’s of 3D full body scans of me wearing spandex. I hope it gives their AI nightmares.

> knows they will never voluntarily provide a complete opt-out to data tracking

In the sense that they lack the will or in the sense that it's a technical impossibility? I think there's a lot of detail in the definition of the term "complete opt-out to data tracking" that needs clarification to evaluate a statement like that.

(For one thing, your Waymo joke is kinda serious. ;) )

In the sense that as nobody can ever know for sure if they did, or prove they didn't, than they will never do

If a service is provided to you by a for profit company for free YOU are the product that the company sells.

This article says that holding your location history is creepy but holding your search history is harmless and you should let them do it.

I find the opposite is true. I have no use for my search history, but I like to see my timeline to help me remember. I have a bad memory. Looking up past events, trips I took, places I've been and the context of my old photos is important to me.

So my question is, why does CNET want me to delete my timeline but not my search and app usage history? My location data is of no use to them, (but it is of use to me,) so location data is "creepy" but my search history is very important to keep? Huh? Why exactly? Why do I need to remember that 2 months ago I searched for "python ppa ubuntu"? Useless. Delete it please.

PSA: Before you delete your location history, please consider downloading it for personal use later, via Google Takeout. Several tools (that you host) may make that data useful/interesting to you (especially for trips/vacations/events).

Would you mind elaborating on the “several tools” that you’re referring to? I’d like to learn more about this.

There are a couple tools that will extrapolate your location from a bunch of location sources and apply it, to, for example, images and videos that don't have direct GPS metadata. The only tool I've used is https://exiftool.org/geotag.html

(I'm a huge fan of ExifTool: I wrote both the ruby and node wrappers for it!)

FWIW I will be adding this location extrapolation to PhotoStructure at some point soon, as all my dSLR images don't have GPS tags.

The article starts with this sentence:

"Whether you have an iPhone ( $699 at Apple ) or Android phone, Google Maps logs everywhere you go, the route you take to get there, when you arrive and what time you leave -- even if you never open the app."

Where iPhone link actually is an affilate link to Apple Store which (I assume) pays money to CNet for advertising it.

Am I the only one that considers this a bit suspect? Especially in an article that's talking about Apple's competitor?

I agree it's suspect, but the link may have been auto-added by the publishing system, not by the author (disclaimer: I helped build their product catalog and taxonomy tools a long time ago).

If CNET needs stupid affiliate links to stay in business, they should probably call it quits.

For quite some time now I always assume any link to a store from any commercial site is an affiliate link. It doesn't bother me. May be because I just expect it now.

A friend of mine took a web dev course not long ago and they would keep pressuring you to buy books that were all amazon affiliate links.

All it probably does is switch a Deleted field to True.

Just in case you want to get it back some day!

You joke, but accidental deletion of critical information is more common than desired deletion of sensitive information, which is exactly why services have soft deletion: most users want it.

Like the day your security services interrogator tells you to get it back.

Softdelete - its a very popular concept.

you are 100% correct. one day i found my 5 months old comments on youtube, which i deleted. i expect someone had restored a backup due to some kind of failure. so yeah, 100% breach of GDPR right there. but an individual, that is the product here, cannot do shit about it, that's just a illusion. only government have the power to actually fix this mess.

I’m curious about how they make use of their knowledge of multiple accounts. In Chrome and the Gmail app they definitely understand that these x accounts belong to the same person, and I imagine there’s some kind of Uber-profile on me.

I keep waiting for the day I’m filling out one of their captchas and after a couple failed attempts it’ll say, “c’mon, (my actual name), you know what a traffic light looks like”.

> I’m curious about how they make use of their knowledge of multiple accounts. In Chrome and the Gmail app they definitely understand that these x accounts belong to the same person, and I imagine there’s some kind of Uber-profile on me.

At the beginning they actively discouraged these, but in the end they gave up and make multiple personal profiles supported. Of course the have our uber-profile, after all, I situations where multiple Gmail accounts in one phone are shared by different people must be extremely rare. So I guess they embraced it and try to learn more about the user by analyzing how these different accounts are used.

Whether or not they use it for aggregate tracking, it's necessary for fraud detection. Creating a thousand ghost accounts to multiply the force of an attack via (or upon) Google services is "black hat 101."

So you click a few buttons and trust that they do what you want them to do. Google could just say they delete that data and still keep and sell it, there is no way of really knowing.

That would open them up to costly litigation, especially under GDPR. Not saying "companies never break the law", just that doing it this explicitly is a much higher risk profile to them. That, in turn, makes it less likely they'll do it.

They are already not compliant with the GDPR.

What you say is reasonable. However, in order to prove that, someone would have to analyze the code. SV companies are not exactly the best examples of complying with the law; one of the biggest of them had programmers actively adding code that was designed to confuse municipal officials trying to regulate it, and I'm not sure today's Google is very different. (I want to believe it is.)

Google does not sell data.

Oh, so they just sell ACCESS to data. Got it.

I never understood this "they sell our data" argument against Google. They track us all, they profile us in all imaginable ways, but they are guarding these data jealously as it's their most important asset. Selling access to our data is an inaccurate description, they sell profiled ads in a way that you as the buyer never contact the end user directly, Google is always the middleperson.

It's pretty easy to go to the main privacy settings and turn off all tracking and also 'delete' whatever info they've accumulated. I tend to do that every month or to, as Google's dark patterns on my phone or some other site almost always turn them back on, especially location.

Regardless, it seems like a pointless exercise. Besides the easier to find 'privacy' settings that Google makes available, you can actually request to download ALL the data Google has on you. Last time I tried, I filled out the form and the reply is that Google will need almost a week of time to gather the data, upon which they sent me a link to download a massive (several GB) log file.

So let me get this straight. I supposedly deleted ALL my data in the privacy settings. Just five minutes later I can then download the GB of data they still have on me?

I'm guessing the easier to find privacy settings don't do much at all except delete some advertiser ID that is used a primary key in their main caches, used with cookies and on Android.

On the other hand, using more complex analytics, they could easily put together a profile of every single bit of data they've got on my for the last 10 years.

That’s not all the data on you. That’s all the obvious visible sort of data.

> but you can wipe the slate clean with these steps.

That subtitle is misinformation, and so is the underlying premise of much of that story, as:

1. All of the data Google collects is passed on to the NSA (if not also elsewhere), which will obviously not delete it.

2. The fact that the information stops appearing as part of your account does not mean it is properly deleted from Google's servers for their own internal use (and perhaps more 3rd party sharing).

3. The results of _processing_ your collected personal data - even mildly - are not part of what you see on your profile, and you're not issuing a command to delete all that.

> All of the data Google collects is passed on to the NSA (if not also elsewhere), which will obviously not delete it.

This is obviously false, given that the Snowden leaks showed the NSA literally tapping wires between Google datacenters. They wouldn't need to do this if everything was shipped to the NSA already.

The NSA got caught with its hand in the cookie jar, and instead of taking it out, just made a deal with the cookie chef to share crumbs without anyone knowing, coz "national security", etc.

> All of the data Google collects is passed on to the NSA (if not also elsewhere), which will obviously not delete it.

Curious the source of this factoid.

Edward Snowden:


but you're right in the sense that the NSA has access to the data; it is up to it whether or not it copies and how much. But a safe assumption is "everything".

The system Snowden uncovered is no longer a viable attack vector.


While Google is still a huge target, there isn't any evidence that its internal systems are actually compromised now by the NSA.

I'd be interested to see what they know about me if I don't have an account.

assuming no smartphone in this scenario, every time you visit any o their services you are being tracked via ip and headers you sent(referrer for example). this way they can build a profile, even if they do not have your personal details. you think you are "safe" if you do not use their services but 99% of websites use their google analytics, cdn or social widgets/sharing buttons... which allows them to track you. so the only way to avoid this breach of privacy is to keep your hosts file updated and never let your browser access any of their websites. i would also be concerned with their dns over http now.

facebook is the same but due to its nature it does it only via its social sharing widgets that people put on their websites and the embedded comments and things like that.

google's cdn is the most dangerous of these things.

But why?!

Applications are open for YC Summer 2020

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact